Peer pressure: Congress plans file-sharing ban

Peer-to-peer software, used to easily share computer files, poses a security risk and has no place on government or contractor networks, according to some members of Congress who held a hearing about the technology recently.

However, some experts argued that Congress should be careful in drafting a blanket ban on the technology. Stephen Sorett, a partner who specializes in government contracts at law firm McKenna, Long and Aldridge, suggested that it could be costly for some.

“What is going to be the cost impact on the agencies?” Sorett asked. “Are they going to have to hire or redeploy people or buy new technology? That all has costs and should be looked at.”

A ban of peer-to-peer software in government is necessary because there are too many ways for attackers to get through security holes, said Kunal Johar, who spent five years at the Defense Department as an information assurance expert and is now president of vOfficeware.

If Congress approves a ban, agencies will likely find it challenging, Johar said.

“This is fairly difficult to enforce, especially on contractor facilities,” he said. “The Federal Information Security Management Act of 2002 started to make headway into enforcing security controls on contractor facilities. But seven years later, this is still a difficult task to enforce 100 percent.”

Agencies should also be aware that methods used to ban peer-to-peer software can also inadvertently block valid applications.

“This is inevitable but can be minimized by publicizing and testing the guidelines of a locked-down environment prior to deployment,” Johar said.